FIRE IN YOUR FACE
PRIVACY POLICY
Last updated: 24 March 2026
1. Introduction
This Privacy Policy explains how Fire In Your Face (“the Business”), operated by Thomas Makinson, collects, uses, stores, and protects your personal data when you use our website, purchase products or services, or otherwise interact with us.
The Business is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are committed to protecting your privacy and handling your data responsibly. If you have any questions about this policy, please contact us using the details in Section 12.
2. What Data We Collect
We may collect and process the following personal data:
2.1 Information You Provide Directly
Name and contact details (email address, phone number, postal address)
Billing and delivery address
Payment information (processed securely through Stripe and PayPal — we do not store your full card details)
Account registration details
Video submissions sent via Telegram for pro feedback services
Messages, emails, or enquiries you send to us
Workshop booking details, including any medical conditions or disabilities you disclose
Your Telegram username (if using pro feedback services)
Name and contact details (email address, phone number, postal address)
Billing and delivery address
Payment information (processed securely through Stripe and PayPal — we do not store your full card details)
Account registration details
Video submissions sent via Telegram for pro feedback services
Messages, emails, or enquiries you send to us
Workshop booking details, including any medical conditions or disabilities you disclose
Your Telegram username (if using pro feedback services)
2.2 Information Collected Automatically
IP address
Browser type and version
Device information
Pages visited, time spent on pages, and navigation patterns
Referring website or source
Cookie data (see Section 8)
IP address
Browser type and version
Device information
Pages visited, time spent on pages, and navigation patterns
Referring website or source
Cookie data (see Section 8)
2.3 Information from Third Parties
Payment confirmation data from Stripe and PayPal
Analytics data from Google Analytics and Meta (Facebook Pixel)
Payment confirmation data from Stripe and PayPal
Analytics data from Google Analytics and Meta (Facebook Pixel)
3. How We Use Your Data
We use your personal data for the following purposes:
4. Marketing Communications
We may send you marketing emails about our products, courses, workshops, and services where you have given your consent to receive them.
Marketing emails are sent via Brevo. Your name and email address are shared with Brevo for this purpose. Brevo acts as a data processor on our behalf.
You can withdraw your consent and unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email, or by contacting us directly. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
5. Who We Share Your Data With
We do not sell your personal data to third parties. We share data only where necessary to operate the Business and provide our services. The following third parties may receive your data:
Stripe — payment processing (name, email, payment details)
PayPal — payment processing (name, email, payment details)
Google Analytics — website analytics (anonymised browsing data, IP address)
Meta / Facebook Pixel — advertising and remarketing (browsing behaviour, cookie data)
Brevo — email marketing (name, email address)
Telegram — pro feedback service delivery (Telegram username, video content you submit)
Royal Mail or other delivery carriers — order fulfilment (name, delivery address)
WordPress / WooCommerce — website hosting and order management
Each of these providers has their own privacy policy governing how they handle your data. We encourage you to review their policies directly.
6. International Data Transfers
Some of the third-party services we use (including Google, Meta, Stripe, and Telegram) may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in accordance with UK GDPR requirements.
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Order and transaction records: 6 years (to comply with HMRC tax obligations)
Account and course access data: for as long as your account is active, plus 12 months after closure
Pro feedback video submissions: for the duration of your feedback access period, then deleted within 30 days of expiry
Workshop medical disclosures: deleted within 30 days of the session taking place
Marketing data: until you unsubscribe or withdraw consent
Website analytics data: in accordance with Google Analytics and Meta retention settings
When data is no longer required, it will be securely deleted or anonymised.
8. Cookies
Our website uses cookies to improve your experience, analyse traffic, and support advertising.
8.1 Essential Cookies
These are necessary for the website to function, including session management, shopping cart functionality, and login. They cannot be disabled.
8.2 Analytics Cookies
We use Google Analytics to understand how visitors interact with our website. These cookies collect anonymised data about page visits, time on site, and navigation paths.
8.3 Advertising and Remarketing Cookies
We use Meta (Facebook) Pixel to deliver targeted advertising and measure the effectiveness of our campaigns. These cookies track browsing behaviour and may be used to show you relevant ads on other platforms.
8.4 Managing Cookies
You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website. You can also opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on.
9. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access — you can request a copy of the personal data we hold about you
Right to rectification — you can ask us to correct inaccurate or incomplete data
Right to erasure — you can ask us to delete your data where there is no compelling reason to continue processing it
Right to restrict processing — you can ask us to limit how we use your data in certain circumstances
Right to data portability — you can request your data in a structured, commonly used, machine-readable format
Right to object — you can object to processing based on legitimate interests, including direct marketing
Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within one month.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk or by calling 0303 123 1113.
10. Data Security
We take reasonable measures to protect your personal data from unauthorised access, loss, or misuse. These measures include the use of SSL encryption on our website, secure payment processing through Stripe and PayPal, and restricted access to personal data within the Business.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
11. Children’s Privacy
Our training services (online and in-person) are restricted to individuals aged 18 or over. We do not knowingly collect personal data from children under the age of 18 in connection with training services.
Physical products may be purchased by individuals of any age. Where we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.